<?php
/***

webtoftp: A FTP manager using HTTP protocol.
Copyright (C) 2007  Emmanuel Cron

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

***/

session_start();

if ( !isset($_SESSION['PATH']) ) {
	$_SESSION['PATH'] = "/";
}

if (! isset($_GET['path'])) {
	$_GET['path'] = $_SESSION['PATH'];
}

if ( isset($_GET['path']) ) {
	$_SESSION['PATH'] = $_GET['path'];
	
	$pA = explode("/", $_SESSION['PATH'] );
		
	if ( @$pA[count($pA)-2] == ".." && @$pA[count($pA)-3] != "..") {
		array_splice($pA, count($pA)-3, 2);
		$_SESSION['PATH'] = implode("/", $pA);
	}
	elseif ( @$pA[count($pA)-2] == "." ) {
		array_splice($pA, count($pA)-2, 1);
		$_SESSION['PATH'] = implode("/", $pA);
	}
	
	if ( empty($_SESSION['PATH']) )
		$_SESSION['PATH'] = "/";
	elseif ( preg_match("!^.*(?:\/\.\.\/)|(?:\/\.\/).*$!", $_SESSION['PATH']) > 0 )
		$_SESSION['PATH'] = "/";
}

@include("src/folder.php");
@include("src/file.php");
@include("src/upload.php");

if ( !function_exists('get_files') )
	header("Location: err.php?id=3");

if ( !function_exists('get_upload_error_message') )
	header("Location: err.php?id=3");

if ( !is_dir($_SERVER['DOCUMENT_ROOT'] . $_SESSION['PATH']) )
	header("Location: err.php?id=1");

if ( !chdir($_SERVER['DOCUMENT_ROOT'] . $_SESSION['PATH']) )
	header("Location: err.php?id=4");

if ( isset($_GET['file']) ) {
	if ( preg_match("!^.*\/.*$!", $_GET['file']) > 0 ) {
		header("Location: err.php?id=5");
		exit();
	}
	
	if ( !is_file($_GET['file']) ) {
		header("Location: err.php?id=6");
		exit();
	}
	
	if ( isset($_GET['dow']) ) {
		@ob_flush();
		
		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename=" . $_GET['file']);
		
		flush();
		readfile($_GET['file']);
		exit();
	}
	elseif ( isset($_GET['del']) ) {
		if ( !isset($_GET['confirm']) )
			define("CONFIRM_DEL", NULL);
		else
			if ( !@unlink($_GET['file']) )
				header("Location: err.php?id=7");
	}
	elseif ( isset($_GET['ren']) ) {
		if ( !isset($_GET['confirm']) )
			define("CONFIRM_REN", NULL);
		elseif ( !isset($_GET['nname']) ) {
			header("Location: err.php?id=9");
			exit();
		}
		elseif ( strlen($_GET['nname']) < 1 ) {
			header("Location: err.php?id=8");
			exit();
		}
		elseif ( preg_match("!^.*\/.*$!", $_GET['nname']) > 0 ) {
			header("Location: err.php?id=5");
			exit();
		}
		elseif ( !@rename("./" . $_GET['file'], "./" . $_GET['nname']) ) {
			header("Location: err.php?id=10");
			exit();
		}
	}
}

if ( isset($_GET['folder']) ) {
	if ( preg_match("!^.*\/.*$!", $_GET['folder']) > 0 ) {
		header("Location: err.php?id=5");
		exit();
	}
	
	if ( $_GET['folder'] == "." || $_GET['folder'] == ".." ) {
		header("Location: err.php?id=12");
		exit();
	}
	
	if ( !is_dir($_GET['folder']) ) {
		header("Location: err.php?id=16");
		exit();
	}
	
	if ( isset($_GET['del']) ) {
		if ( !isset($_GET['confirm']) )
			define("CONFIRM_DELF", NULL);
		else
			if ( !@rmdir($_GET['folder']) )
				header("Location: err.php?id=17");
	}
	elseif ( isset($_GET['ren']) ) {
		if ( !isset($_GET['confirm']) )
			define("CONFIRM_RENF", NULL);
		elseif ( !isset($_GET['nname']) ) {
			header("Location: err.php?id=9");
			exit();
		}
		elseif ( strlen($_GET['nname']) < 1 ) {
			header("Location: err.php?id=11");
			exit();
		}
		elseif ( preg_match("!^.*\/.*$!", $_GET['nname']) > 0 ) {
			header("Location: err.php?id=5");
			exit();
		}
		elseif ( !@rename("./" . $_GET['folder'], "./" . $_GET['nname']) ) {
			header("Location: err.php?id=18");
			exit();
		}
	}
}

if ( isset($_GET['newf']) ) {
	$oldumask = umask(0);
	if ( !isset($_GET['confirm']) )
		define("CONFIRM_NEWF", NULL);
	elseif ( strlen($_GET['newf']) < 1 ) {
		umask($oldumask);
		header("Location: err.php?id=11");
		exit();
	}
	elseif ( preg_match("!^.*\/.*$!", $_GET['newf']) > 0 ) {
		umask($oldumask);
		header("Location: err.php?id=12");
		exit();
	}
	elseif ( is_dir("./" . $_GET['newf']) ) {
		umask($oldumask);
		header("Location: err.php?id=15");
		exit();
	}
	elseif ( !@mkdir("./" . $_GET['newf'], 0755) ) {
		umask($oldumask);
		header("Location: err.php?id=13");
		exit();
	}
	umask($oldumask);
}

if ( isset($_GET['upload']) ) {
	if ( !isset($_GET['confirm']) )
		define("CONFIRM_UPL", NULL);
	else {
		define("UPLOAD", NULL);
		$uploadStatus = "";
		
		while ( $f = each($_FILES) ) {
			$fField = $f['key'];
			$f = $f['value'];
			
			if ( $f['error'] != UPLOAD_ERR_NO_FILE ) {
				$oldumask = umask(0);
				if ( $f['error'] != UPLOAD_ERR_OK ) {
					if ( strlen($f['name']) < 1 )
						$uploadStatus .= "<strong>" . $fField . ":</strong> ";
					else
						$uploadStatus .= "<strong>" . $f['name'] . ":</strong> ";
					$uploadStatus .= get_upload_error_message($f['error']) . "<br />";
				}
				elseif ( !move_uploaded_file($f['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . $_SESSION['PATH'] . $f['name']) )
					$uploadStatus .= "<strong>" . $f['name'] . ":</strong> Couldn't move file on server.<br />";
				elseif ( !chmod($_SERVER['DOCUMENT_ROOT'] . $_SESSION['PATH'] . $f['name'], 0644) )
					$uploadStatus .= "<strong>" . $f['name'] . ":</strong> Couldn't give permissions on this file.<br />";
				else
					$uploadStatus .= "<strong>" . $f['name'] . ":</strong> Upload successful.<br />";
				umask($oldumask);
			}
		}
		unset($f);
		unset($fField);
	}
}

$dR = opendir($_SERVER['DOCUMENT_ROOT'] . $_SESSION['PATH']);
if ( !$dR )
	header("Location: err.php?id=2");

$dA = array(); $fA = array();
get_files($dR, $dA, $fA);

closedir($dR);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
	<title>webtoftp</title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<link href="styles/general_styles.css" rel="stylesheet" type="text/css" />
	<link href="styles/css_index.css" rel="stylesheet" type="text/css" />
</head>
<body>
	<h1>webtoftp</h1>
	
	<p id="folder">
		<span style="font-weight: bold;">Folder:</span>
		<a href="?path=/">root</a><?php
		if ( isset($pA) && count($pA) > 1 ) {
			$i = 0;
			while ( $d = each($pA) ) {
				$i++;
				?><a href="?path=<?php echo implode("/", array_slice($pA, 0, $i)) . "/"; ?>"><?php echo $d['value']; ?></a><?php
				if ( key($pA) != "" ) echo "/";
			}
			unset($i);
		}
		else
			echo "/";
		?><br />
		<img src="img/folder_new.gif" alt="Refresh" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;newf">New folder</a>
		<img src="img/upload.gif" alt="Upload" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;upload">Upload</a>
		<img src="img/refresh.gif" alt="Refresh" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>">Refresh</a>
	</p>
	
	<?php
	if ( defined("CONFIRM_DEL") ) {
	?>
	<p id="deleteC">
		Are you sure you want to delete '<?php echo $_GET['file']; ?>'?<br />
		<a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;file=<?php echo $_GET['file']; ?>&amp;del&amp;confirm">Yes</a> &nbsp; <a href="?path=<?php echo $_SESSION['PATH']; ?>">No</a>
	</p>
	<?php
	}
	elseif ( defined("CONFIRM_DELF") ) {
	?>
	<p id="deleteC">
		Are you sure you want to delete the folder '<?php echo $_GET['folder']; ?>'?<br />
		<a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;folder=<?php echo $_GET['folder']; ?>&amp;del&amp;confirm">Yes</a> &nbsp; <a href="?path=<?php echo $_SESSION['PATH']; ?>">No</a>
	</p>
	<?php
	}
	elseif ( defined("CONFIRM_REN") ) {
	?>
	<form action="" method="get">
	<p id="infoF">
		Please enter the new name of '<?php echo $_GET['file']; ?>' :<br />
		<input type="text" name="nname" value="<?php echo $_GET['file']; ?>" /><br />
		<input type="hidden" name="path" value="<?php echo $_SESSION['PATH']; ?>" />
		<input type="hidden" name="file" value="<?php echo $_GET['file']; ?>" />
		<input type="hidden" name="ren" /><input type="hidden" name="confirm" />
		<input type="submit" value="Rename" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>">Back</a>
	</p>
	</form>
	<?php
	}
	elseif ( defined("CONFIRM_RENF") ) {
	?>
	<form action="" method="get">
	<p id="infoF">
		Please enter the new name of the folder '<?php echo $_GET['folder']; ?>' :<br />
		<input type="text" name="nname" value="<?php echo $_GET['folder']; ?>" /><br />
		<input type="hidden" name="path" value="<?php echo $_SESSION['PATH']; ?>" />
		<input type="hidden" name="folder" value="<?php echo $_GET['folder']; ?>" />
		<input type="hidden" name="ren" /><input type="hidden" name="confirm" />
		<input type="submit" value="Rename" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>">Back</a>
	</p>
	</form>
	<?php
	}
	elseif ( defined("CONFIRM_NEWF") ) {
	?>
	<form action="" method="get">
	<p id="infoF">
		Please enter the name of the new folder:<br />
		<input type="text" name="newf" /><br />
		<input type="hidden" name="path" value="<?php echo $_SESSION['PATH']; ?>" />
		<input type="hidden" name="confirm" />
		<input type="submit" value="Create" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>">Back</a>
	</p>
	</form>
	<?php
	}
	elseif ( defined("CONFIRM_UPL") ) {
	?>
	<form action="?path=<?php echo $_SESSION['PATH']; ?>&amp;upload&amp;confirm" enctype="multipart/form-data" method="post">
	<p id="infoF">
		Please select the files you wish to upload:<br />
		<input type="file" name="file01" /> <input type="file" name="file11" /><br />
		<input type="file" name="file02" /> <input type="file" name="file12" /><br />
		<input type="file" name="file03" /> <input type="file" name="file13" /><br />
		<input type="file" name="file04" /> <input type="file" name="file14" /><br />
		<input type="file" name="file05" /> <input type="file" name="file15" /><br />
		<input type="file" name="file06" /> <input type="file" name="file16" /><br />
		<input type="file" name="file07" /> <input type="file" name="file17" /><br />
		<input type="file" name="file08" /> <input type="file" name="file18" /><br />
		<input type="file" name="file09" /> <input type="file" name="file19" /><br />
		<input type="file" name="file10" /> <input type="file" name="file20" /><br />
		<input type="hidden" name="MAX_FILE_SIZE" value="10485760" />
		<input type="submit" value="Upload" /> <a href="?path=<?php echo $_SESSION['PATH']; ?>">Back</a>
	</p>
	</form>
	<?php
	}
	elseif ( defined("UPLOAD") ) {
	?>
	<p id="infoF">
		<?php echo $uploadStatus; ?><br />
		<a href="?path=<?php echo $_SESSION['PATH']; ?>">Next</a>
	</p>
	<?php
	}
	else {
	?>
	<table id="list">
	<thead>
	<tr>
		<td>Name:</td>
		<td>Latest modification:</td>
		<td>Size:</td>
		<td>Tools:</td>
	</tr>
	</thead>
	<tbody>
	<?php
	$i = 0;
	while ( $d = each($dA) ) {
	if ( !($_SESSION['PATH'] == "/" && ($d['value'] == "." || $d['value'] == "..")) ) {
	?>
	<tr class="color<?php echo $i; ?>">
		<td class="left"><img src="img/folder.gif" alt="Folder" /> <a href="?path=<?php echo $_SESSION['PATH'] . $d['value'] . "/"; ?>"><?php echo $d['value']; ?></a></td>
		<td>-</td>
		<td>-</td>
		<td>
			<?php
			if ( $d['value'] != "." && $d['value'] != ".." ) {
			?>
			<a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;folder=<?php echo $d['value']; ?>&amp;ren"><img src="img/rename.gif" alt="Rename" title="Rename" /></a>
			<a href="?path=<?php echo $_SESSION['PATH']; ?>&amp;folder=<?php echo $d['value']; ?>&amp;del"><img src="img/remove.gif" alt="Remove" title="Remove" /></a>
			<?php
			}
			?>
		</td>
	</tr>
	<?php
	if ( $i == 0 ) $i = 1; else $i = 0;
	}
	}
	while ( $f = each($fA) ) {
	$sf = stat($f['value']);
	?>
		<tr class="color<?php echo $i; ?>">
		<td class="left"><img src="img/file.gif" alt="Folder" /> <a href="<?php echo $_SESSION['PATH'] . $d['value'] . $f['value']; ?>"><?php echo $f['value']; ?></a></td>
		<td><?php echo date("d-M-Y H:i", $sf['mtime']); ?></td>
		<td><?php echo human_readable_size($sf['size'], KB_SIZE); ?></td>
		<td>
			<a href="?path=<?php echo $_SESSION['PATH'] . $d['value']; ?>&amp;file=<?php echo $f['value']; ?>&amp;dow"><img src="img/download.gif" alt="Download" title="Download" /></a>
			<a href="?path=<?php echo $_SESSION['PATH'] . $d['value']; ?>&amp;file=<?php echo $f['value']; ?>&amp;ren"><img src="img/rename.gif" alt="Rename" title="Rename" /></a>
			<a href="?path=<?php echo $_SESSION['PATH'] . $d['value']; ?>&amp;file=<?php echo $f['value']; ?>&amp;del"><img src="img/remove.gif" alt="Remove" title="Remove" /></a>
		</td>
	</tr>
	<?php
	if ( $i == 0 ) $i = 1; else $i = 0;
	}
	unset($i);
	?>
	</tbody>
	</table>
	<p id="fileinfo">
		Folders: <?php echo count($dA)-2; ?>,
		Files: <?php echo count($fA); ?>.
		Total: <?php echo count($fA)+count($dA)-2; ?>.
	</p>
	<?php
	}
	?>
	
	<p id="footer">
		Copyright 2006, pb_ee1 - <a href="http://code.google.com/p/webtoftp/">Official website</a>
	</p>
</body>
</html>
